Can someone please explain in simpleton terms please, what this does and why?


solidariti
02-11-2006, 05:56 AM
<?php

/**
 * Use 1 to emulate register_globals = on
 *
 * Use 0 to emulate register_globals = off
 */
define( 'RG_EMULATION', 1 );

/**
 * Adds an array to the GLOBALS array and checks that the GLOBALS variable is
 * not being attacked
 * @param array
 * @param boolean True if the array is to be added to the GLOBALS
 */
function checkInputArray( &$array, $globalise=false ) {
    static $banned = array( '_files', '_env', '_get', '_post', '_cookie', '_server', '_session', 'globals' );

    foreach ($array as $key => $value) {
        if (in_array( strtolower( $key ), $banned ) ) {
            die( 'Illegal variable <b>' . implode( '</b> or <b>', $banned ) . '</b> passed to script.' );
        }
        if ($globalise) {
            $GLOBALS[$key] = $value;
        }
    }
}

/**
 * Emulates register globals = off
 */
function unregisterGlobals () {
    checkInputArray( $_FILES );
    checkInputArray( $_ENV );
    checkInputArray( $_GET );
    checkInputArray( $_POST );
    checkInputArray( $_COOKIE );
    checkInputArray( $_SERVER );

    if (isset( $_SESSION )) {
        checkInputArray( $_SESSION );
    }

    $REQUEST = $_REQUEST;
    $GET = $_GET;
    $POST = $_POST;
    $COOKIE = $_COOKIE;
    if (isset ( $_SESSION )) {
        $SESSION = $_SESSION;
    }
    $FILES = $_FILES;
    $ENV = $_ENV;
    $SERVER = $_SERVER;
    foreach ($GLOBALS as $key => $value) {
        if ( $key != 'GLOBALS' ) {
            unset ( $GLOBALS [ $key ] );
        }
    }
    $_REQUEST = $REQUEST;
    $_GET = $GET;
    $_POST = $POST;
    $_COOKIE = $COOKIE;
    if (isset ( $SESSION )) {
        $_SESSION = $SESSION;
    }
    $_FILES = $FILES;
    $_ENV = $ENV;
    $_SERVER = $SERVER;
}

/**
 * Emulates register globals = on
 */
function registerGlobals() {
    checkInputArray( $_FILES, true );
    checkInputArray( $_ENV, true );
    checkInputArray( $_GET, true );
    checkInputArray( $_POST, true );
    checkInputArray( $_COOKIE, true );
    checkInputArray( $_SERVER, true );

    if (isset( $_SESSION )) {
        checkInputArray( $_SESSION, true );
    }

    foreach ($_FILES as $key => $value){
        $GLOBALS[$key] = $_FILES[$key]['tmp_name'];
        foreach ($value as $ext => $value2){
            $key2 = $key . '_' . $ext;
            $GLOBALS[$key2] = $value2;
        }
    }
}

if (RG_EMULATION == 0) {
    // force register_globals = off
    unregisterGlobals();
} else if (ini_get('register_globals') == 0) {
    // php.ini has register_globals = off and emulate = on
    registerGlobals();
} else {
    // php.ini has register_globals = on and emulate = on
    // just check for spoofing
    checkInputArray( $_FILES );
    checkInputArray( $_ENV );
    checkInputArray( $_GET );
    checkInputArray( $_POST );
    checkInputArray( $_COOKIE );
    checkInputArray( $_SERVER );

    if (isset( $_SESSION )) {
        checkInputArray( $_SESSION );
    }
}
?>

chazzy
02-11-2006, 07:29 AM
functions like that make me scratch my head.

it gets the $_GET, $_POST, etc and puts them into $GET, $POST, etc. It checks that a few of them don't have certain keys (in that static array earlier in the script).

this is fairly slow though, I fail to see its usefulness.

NogDog
02-11-2006, 07:46 AM
Looks like maybe it was initially created to allow a script designed for use with register_globals on to run when register_globals is off; but I'm not sure, as it started to make my head swim as I scanned through it.

ShrineDesigns
02-11-2006, 03:57 PM
it is pretty much pointless, turning register_globals on or off via a .htaccess file or the php.ini file is easier and better

any script that requires register_globals to be turned on, should be tossed out

solidariti
02-12-2006, 09:35 AM
Thanks for your replies, so there is point to all of it. Thank you for clearing that up, but I feel that the security aspect in my php programming is a little shaky. As one person tells me one thing another tells me something else, then I read a book that tells me something else, I just feel as though I go around in circles not learning much about anything.

NogDog
02-12-2006, 09:52 AM
Here's info on register_globals: http://www.php.net/register_globals

For more info on other security aspects: http://www.php.net/manual/en/security.php

ShrineDesigns
02-12-2006, 01:16 PM
the biggest security threat is mainly user data ($_POST, $_FILES, $_GET, and $_COOKIE), validating these points of vulnerability will harden your security

example
<?php
if($_POST)
{
    if(isset($_POST['data']))
    {
        // force the value to an integer
        $post_data = intval($_POST['data']);

        // check if value is in range, or default to lowest value
        if($post_data > 10 || $post_data < 1)
        {
            $post_data = 1;
        }
        // ...
    }
}
?>
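
What the emulation in the first post guards against, what it still leaves open, and the validated alternative from the last post, as an added example (not code from the thread or from the script's own project). The helper names, the `is_admin` flag and the sample request arrays are assumptions constructed for illustration.

```php
<?php
// Constructed request data standing in for $_GET and $_SESSION (runs from the CLI).
$sample_get     = array('page' => '42', 'is_admin' => '1');
$sample_session = array();               // nobody has logged in
$banned = array('_files', '_env', '_get', '_post', '_cookie', '_server', '_session', 'globals');

// Hypothetical stand-in for checkInputArray( $array, true ): copy every request
// key into the global scope unless the key names a superglobal.
function emulate_register_globals(array $input, array $banned) {
    foreach ($input as $key => $value) {
        if (in_array(strtolower((string) $key), $banned, true)) {
            return false;                // the original script die()s here
        }
        $GLOBALS[$key] = $value;
    }
    return true;
}

// Before: legacy code that trusts a global it never initialised itself.
function legacy_is_admin() {
    global $is_admin;
    return !empty($is_admin);
}

// After: read each value from a named source, validate it, default safely.
function hardened_input(array $get, array $session) {
    $page = isset($get['page']) ? intval($get['page']) : 1;
    if ($page > 10 || $page < 1) {
        $page = 1;                       // out of range: fall back to lowest value
    }
    return array('is_admin' => !empty($session['is_admin']), 'page' => $page);
}

// A key that names a superglobal is rejected by the banned-key check...
var_dump(emulate_register_globals(array('GLOBALS' => array('is_admin' => 1)), $banned));
// ...but an ordinary key still lands in the global scope and flips the flag.
var_dump(legacy_is_admin());
emulate_register_globals($sample_get, $banned);
var_dump(legacy_is_admin());
// The hardened version ignores the injected flag and clamps the page number.
var_dump(hardened_input($sample_get, $sample_session));
```

The banned-key list only stops a request from replacing the superglobal arrays themselves; any variable a script forgets to initialise is still settable from the request while register_globals or its emulation is on.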